Privacy Policy

Effective Date: April 3rd, 2020

Introduction

API respects the privacy of the crew members and employees of our airline and cruise line clients. We recognize the need for appropriate protections and management of personal information that may be provided by your airline/cruise line employer to API, and personal information that you may provide to us as part of our services. This Privacy Policy will assist you to understand what types of information we may collect, how that information may be used, and with whom the information may be shared. You may also wish to review your own airline and/or cruise line employer’s Privacy Policy for more information about how your personal data is collected, used and shared.

What personal information do we collect and why?

Personal Information for purposes of this Privacy Statement is information that identifies or can identify a specific individual. API may obtain and retain information about individuals, particularly airline and cruise line crew members and employees, to include:

  1. Individual’s name, employee number, crew position (e.g., captain, first officer, flight attendant, or job title, etc.), base location (domicile), hire date, gender (only for specific airlines and cruise lines), associated flight, ship, deadhead, pairing, department, and accounting information as may be provided by the individual’s airline/cruise line for the purposes of performance of the individual’s work related activities.
  2. Information that associates individuals with assigned hotels and ground transportation providers as part of the individual’s work-related activities. This may include additional room / pick-up information such as confirmation numbers, etc.
  3. Cell phone or e-mail address information, as may be provided by you or your company, to receive work-related e-mails and/or SMS text messages. You have the ability to opt into and out of this service as contractually agreed-to with your airline/cruise line employer.
  4. Per diem (allowance) information may be obtained, derived, used and retained expressly as contractually agreed with your airline/cruise line.
  5. Information that an individual may voluntarily provide as feedback to API for a specific hotel or ground transportation service.
  6. Information that an individual may voluntarily provide to API for the purposes of booking leisure hotels (not associated with work-related activities). Note that API does not retain credit card information (except for the last four numbers of the credit card), however credit card information may be passed to third party systems and booking engines associated with the hotel booking process.
  7. Audit logs of user activity on API websites, such as date/time stamps, used in accordance with industry-standard security practices.

API does not collect personal information when you visit API’s web sites unless you choose to provide it to API.

With whom does API share personal information?

  1. API primarily provides personal information (such as name, employee ID, rank, and arriving/departing flight/cruise information) to third party hotel and ground transportation companies in accordance with the contractual agreements with your airline/cruise line employer. For selected airlines and cruise lines, API may also provide per diem (allowance) information to hotels in accordance with the contractual obligations with your airline /cruise line.
  2. API may provide personal information to third-party hotel booking engines and tools as may be necessary for fulfillment of our obligations to your airline/cruise line employer, or as part of your voluntary request for booking leisure hotels.
  3. API may provide any and all personal information we have in our databases with your airline/cruise line employer. This information may be included in reports, invoices, data marts etc.
  4. General database information may be shared with our software development partners for the sole use of analysis, programming, testing, monitoring and quality assurance of our technology solutions.
  5. We may provide personal information to national or law enforcement agencies as required by applicable law, or if we feel this action is necessary to protect our business, employers, suppliers or customers.

Unless permitted by relevant laws, or you have agreed to this, API will not share personal information you provide to API with any other third parties without your permission, or sell, trade or lease your personal information to others, except as provided in this Privacy Policy.

How do we use personal information?

API primarily uses your personal information for the management of hotel, ground transportation, and optionally per diem services associated with your airline/cruise line employer. This information is only used in accordance with API’s contractual obligations with your airline or cruise line. Other uses may include:

  1. Management of feedback you voluntarily provide to API regarding your layover experience.
  2. We may use your information to help you complete a transaction such booking a leisure hotel.
  3. Occasionally we may use your information to contact you to complete surveys that we use for quality assurance purposes.
  • For information not voluntarily provided by you, API only uses and retains personal information in accordance with the contractual agreement between API and your airline/cruise line employer.

Choice and Consent

API receives and/or processes your personal as part of a contractual agreement with your airline/cruise line employer. For any optional services that API provides, such as receiving email or text messages of hotel changes, you will have the ability to opt into or out of these optional services.

How do we protect your personal information?

We want your crews to feel confident about using our Online Services, and we are committed to taking appropriate steps designed to protect the information we collect. While no Online Services can guarantee absolute security, we have implemented appropriate technical and organizational measures to protect the personal information that we collect and process about you.

International data transfers

The personal information we collect may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). While such information is outside of your country of residence, it is subject to laws of such other countries, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.

Specifically, the servers of our Online Services are in the US. When we collect your personal information, we may process it in the US.

EU-US Privacy Shield

We have self-certified compliance with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from the European Union. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield Principles and to view our certification, please visit here.

We will only process personal information in ways that are compatible with the purposes outlined above in this Privacy Policy.

As explained in this Privacy Policy, we may provide your personal information to third parties who perform services on our behalf. If we transfer personal information received under the Privacy Shield to a third-party agent or service provider and they process your personal information in a manner inconsistent with the Privacy Shield Principles, we will remain liable under the Privacy Shield unless we can prove we are not responsible for the event giving rise to the damage.

Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

You may have the right to access personal information that we hold about you and request that we correct, amend or delete it if it is inaccurate or processed in violation of the Privacy Shields.

If you have any inquiries or complaints about our handling of your personal information under the Privacy Shields, you should first contact us at privacy@apihotels.com and we will respond to your inquiry promptly. If we are unable to satisfactorily resolve your complaint, or we fail to acknowledge your complaint in a timely fashion, we have further committed to cooperate and comply with the panel of European data protection authorities (DPAs) in the resolution of any Privacy Shield complaints. Individuals may also have the opportunity under certain conditions to invoke binding arbitration for complaints regarding the Privacy Shield not resolved by the above mechanisms. See here for additional information about binding arbitration.

In compliance with the Privacy Shield Principles, API commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lodging Solutions d/b/a Accommodations Plus International (API) at:

API Inc
Attn: TJ McCauley, Senior Information Risk Officer
265 Broadhollow Road
Melville, NY 11747

API has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit Submit a case with JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.

API commits to cooperate with EU data protection authorities (DPAS) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
 
For purposes of enforcing compliance with the Privacy Shield frameworks, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission.

 

EU GDPR Representative

API Inc has appointed Fifth Square Limited as its Representative under the EU GDPR. This Representative may be contacted at:

Attn: Rune Pettersen
Coolharbour
Roundwood Co.
Wicklow A98 FY68
Ireland

Email: eurep@fifthsquare.eu

The Representative has been appointed as the criteria set out in Article 3(2), EU GDPR are met, specifically:

“This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union”

Cookies

Our Website uses cookies. Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website.

Cookies do not identify you personally, just the computer or device you are using. Cookies help to making it easier for you to log on to and use our site during future visits, navigate between pages efficiently, remember your preferences and improve the user experience. They also allow us to monitor traffic on our site.

The cookies we use may fall into one or more of the following categories:

a) Analytics/performance cookies: Every visit generates an ‘anonymous analytics cookie’ which tell us your whether you’ve visited our site before, which allows us to track how many users we have, and how often they visit our site. We use these cookies to gather statistics and maintain our site performance.

b) Functionality cookies: These allow us to remember choices you make and provide enhanced, more personal features. For example, remembering your email address and preferences on our website, so you don’t have to choose them each time you visit.

c) Strictly Necessary: These are cookies that are needed for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

Changes to This Notice and How to Contact Us

Updates to this Privacy Policy

Changes to this Privacy Policy will be made when required in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and in accordance with applicable law. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

If you have any questions about changes to this Privacy Policy, please contact us at the information below.

How to contact us

If you have any questions or concerns about our use of your personal information and information within this policy, please contact us via the Contact Us Section on our customer services portal here.

If you have any further questions or are unsatisfied with our response to any data protection issues you raise with us or our DPO, you have the right to contact the appropriate Data Protection Authority within your Country or Region which is tasked with the protection of personal data and privacy.